CVE-2025-1844: ESAFENET CDG backupLogDetail.jsp sql injection
First published: Mon Mar 03 2025(Updated: )
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Affected is an unknown function of the file /CDGServer3/logManagement/backupLogDetail.jsp. The manipulation of the argument logTaskId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gemalto SafeNet CDG | =5.6.3.154.205_20250114 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1844?
CVE-2025-1844 is classified as a critical vulnerability.
What software is affected by CVE-2025-1844?
CVE-2025-1844 affects ESAFENET CDG version 5.6.3.154.205_20250114.
How does CVE-2025-1844 potentially impact systems?
CVE-2025-1844 allows for SQL injection through the logTaskId parameter.
How do I fix CVE-2025-1844?
To fix CVE-2025-1844, update ESAFENET CDG to the latest version that resolves this vulnerability.
What exploitation methods are possible with CVE-2025-1844?
Attackers may exploit CVE-2025-1844 to execute unauthorized SQL commands against the database.
- collector/mitre-cve
- source/MITRE
- agent/type
- agent/weakness
- agent/description
- agent/references
- agent/title
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/esafenet
- canonical/gemalto safenet cdg